Include code from a public github repo? about embedme HOT 9 CLOSED

I just tested how to do it. This could work with https://github.com/axios/axios.

      axios({
      method: 'get',
      responseType: 'blob', 
      url: filename
       })
      .then(function (response: { data: string; }) {
        log({ returnSnippet: substr }, chalk => chalk.blue(response.data));
      })
      .catch(function (error: {data: string;}) {
        log({ returnSnippet: substr }, chalk => chalk.red(error.data));
      });

Would you appreciate a PR and would you review and comment on it in short time?

from embedme.

See #68
or
your repo forked at https://github.com/astridx/embedme

from embedme.

@astridx why have you closed this issue while the PR is still open?

from embedme.

@Edo78 I know it like this, that an issue is closed when a PR is opened. Here it is like this: https://github.com/joomla/joomla-cms/ for example.
Is this wrong?
But by the way: I don't have the feeling that PR is wanted either.

from embedme.

I'm not sure. I always prefer to have a feedback on the issue from the maintainer.

I hope the PR is accepted because it can be really useful even on the very same repository. If I specify a line range and I change the source file the same range could point to a different code but pointing to a specific version can "solve" this issue.

from embedme.

@Edo78 Edo78 I'm not sure. I always prefer to have a feedback on the issue from the maintainer.

Same with me. "I always prefer to have a feedback on the issue from the maintainer". But: Since I needed the function for myself and it was already ready, I created the PR. It is also easier for the maintainer to make a decision when he sees the implementation.

from embedme.

Hi @astridx and @Edo78 , sorry for my silence on this issue, I've been busy with other stuff and forgot about this issue. Unfortunately I do not wish to extend the functionality of this iteration of the tool to include remote file management for a couple of reasons.

The main one being that I see this as both a security and consistency risk, if we had more fine grained permission controls with Node.js like we do with Deno, I'd be all for it, however I don't like the potential risks associated with basically uncontrolled fetching of remote data.

That said, I can certainly understand the desire for such a feature and would be happy to discuss alternative solutions such as a plugin-like architecture where a user needed to explicitly add separate (optional) dependency to allow for remote file resolution?

from embedme.

@zakhenry Thank you for your answer. Is it correct that you see the security issue for the offer at https://www.npmjs.com/?

from embedme.

What's the difference between:

1. wget
2. git submodule add
3. cd ../other/path; git clone foo/bar then add a relative ref?

And...
4. embedme fetching remote links
5. including a file from your repo that maybe was copy/pasta'd from a normally reputable source that happened to be compromised at the time I copy/pasta'd
6. generating an svg of an asciicast with a tool that one day becomes compromised 😜

All seems a matter of where the request happens? And is the responsibility leaked to users or encapsulated in one program that might have a better chance of applying some safety checks (not that it has to) 😃

from embedme.